opendev/storyboard
Code Issues Proposed changes

Allow editing and deletion of comments to be disabled

Browse Source 
This commit adds a configuration option which must be set in order
to enable users to edit their comments, and enable superusers to
delete comments.

The option, `enable_editable_comments`, is False by default, meaning
that the editing and deletion functionality must be opted into. If
it is False, then only a database admin can delete or edit comments,
by modifying the database directly.

Change-Id: Iabf598eae3aa35e4e53aadfe514fb2b0da37cefc
This commit is contained in:
Adam Coldrick 2016-07-06 10:12:19 +00:00
parent 0cc7a72f39
commit 7d8e59a81e
4 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/storyboard.conf.sample
View File

@ -41,6 +41,10 @@ lock_path = $state_path/lock
# and subscriptions. # and subscriptions.
# enable_notifications = True # enable_notifications = True
# Enable editing/deletion of comments. When enabled, users can edit their own
# comments and admins can delete comments.
# enable_editable_comments = True
[oauth] [oauth]
# StoryBoard's oauth configuration. # StoryBoard's oauth configuration.

5
storyboard/api/app.py
View File

@ -52,7 +52,10 @@ API_OPTS = [
help='API port'), help='API port'),
cfg.BoolOpt('enable_notifications', cfg.BoolOpt('enable_notifications',
default=False, default=False,
help='Enable Notifications') help='Enable Notifications'),
cfg.BoolOpt('enable_editable_comments',
default=False,
help='Enable editing and deletion of comments')
] ]
CORS_OPTS = [ CORS_OPTS = [
cfg.ListOpt('allowed_origins', cfg.ListOpt('allowed_origins',

6
storyboard/api/v1/timeline.py
View File

@ -246,6 +246,9 @@ class CommentsController(rest.RestController):
:param comment_id: The id of a Comment to be updated. :param comment_id: The id of a Comment to be updated.
:param comment_body: An updated Comment. :param comment_body: An updated Comment.
""" """
if not CONF.enable_editable_comments:
abort(405, _("Editing of comments is disabled "
"by the server administrator."))
comments_api.comment_get(comment_id) comments_api.comment_get(comment_id)
comment_author_id = events_api.events_get_all( comment_author_id = events_api.events_get_all(
@ -269,6 +272,9 @@ class CommentsController(rest.RestController):
:param story_id: A placeholder. :param story_id: A placeholder.
:param comment_id: The id of a Comment to be updated. :param comment_id: The id of a Comment to be updated.
""" """
if not CONF.enable_editable_comments:
abort(405, _("Deletion of comments is disabled "
"by the server administrator."))
comments_api.comment_delete(comment_id) comments_api.comment_delete(comment_id)

7
storyboard/tests/api/test_comments.py
View File

@ -61,9 +61,6 @@ class TestComments(base.FunctionalTest):
update_url = self.comments_resource % self.story_id + \ update_url = self.comments_resource % self.story_id + \
"/%d" % original_id "/%d" % original_id
updated = self.put_json(update_url, delta) response = self.put_json(update_url, delta, expect_errors=True)
original_content = self.comment_01['content'] self.assertEqual(405, response.status_code)
updated_content = updated.json['content']
self.assertNotEqual(original_content, updated_content)